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DECISION ON APPEAL 



1 Filed June 19, 2001, titled "Method and System for Implementing 
Database Connection Mapping for Reporting Systems." 
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This is a decision on appeal under 35 U.S.C. § 134(a) from the final 
rejection of claims 1-18. We have jurisdiction pursuant to 35 U.S.C. § 6(b). 
We reverse. 

STATEMENT OF THE CASE 

The invention 

The invention relates generally to implementing security features for 
reporting systems, such as decision support, Business Intelligence, on-line 
analytical processing and other systems. In particular, the invention relates 
to a method and system for implementing database connection mapping for 
mapping a user to an appropriate database via a database connection where 
the database connection comprises information for locating and logging into 
the appropriate database. Spec. 1, 11. 5-10. 

Illustrative claim 

Claim 1 is reproduced below for illustration: 

1. A method for implementing database connection mapping 
for connecting a user to at least one database in a reporting system, 
comprising the steps of: 

enabling a user to submit a user identification input and a user 
request to a reporting system; 

identifying the user based on user identification input; and 

controlling access to at least one database through a centralized 
server wherein the centralized server maps the user to at least one 
appropriate database based on the user request and at least one 
database connection definition. 
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The references 

Freeman US 2001/0049717 Al Dec. 6, 2001 

(filed Jan. 23, 2001) 

Lewis US 7,062,563 Bl Jun. 13, 2006 

(filed Feb. 27, 2002) 

The rejections 

Claims 1-5, 7-11, and 13-17 stand rejected under 35 U.S.C. § 102(e) 
as being anticipated by Lewis. 

Claims 6, 12, and 18 stand rejected under 35 U.S.C. § 103(a) as 
unpatentable over Lewis and Freeman. 

ANTICIPATION 

Issues 

The issues, as argued, are: 

Issue 1 : Does Lewis teach "enabling a user to submit a user 
identification input and a user request to a reporting system"! 

Issue 2: Does Lewis teach "controlling access to at least one database 
through a centralized server wherein the centralized server maps the user to 
at least one appropriate database based on the user request and at least one 
database connection definition"? 

Principles of law 

"Anticipation requires the presence in a single prior art disclosure of 
all elements of a claimed invention arranged as in the claim." Connell v. 
Sears, Roebuck & Co., 722 F.2d 1542, 1548 (Fed. Cir. 1983). 



3 



Appeal 2009-004977 
Application 09/883,301 



Findings of fact 

Lewis describes, as an overview: 

[T]he present invention provides an improved method and system for 
managing access information for users and other entities in a 
distributed computing system. In an embodiment of the present 
invention, information relating to user access (e.g., name, 
authentication information, and user roles) is stored in a centralized 
directory. When the user connects to the database, the database looks 
up the necessary information about the user in the directory. In an 
embodiment, the present invention addresses the user, administrative, 
and security challenges described above by centralizing storage and 
management of user-related information in an LDAP-compliant 
directory service. When an employee changes jobs in such an 
environment, the administrator need only modify information in one 
location-the directory-to make effective changes in multiple 
databases and systems. This centralization lowers administrative 
costs and improves enterprise security. 

Col. 1, 1. 53 to col. 2, 1. 2. 

The specifics of Lewis are best described in the analysis to prevent 
undue redundancy. 

Analysis 

Issue 1 

The Examiner finds that the limitation of "enabling a user to submit a 
user identification input and a user request to a reporting system" is taught at 
column 5, lines 49-60 and column 7, line 47 to column 8, line 5. Final 
Office Action (FOA) 3. 
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Appellants argue that column 5 of Lewis describes that databases refer 
to entries in a directory information system, but at this time, a user is already 
connected to a database and, so, Lewis does not disclose "enabling a user to 
submit a user identification input and a user request to a reporting system." 
Br. 6. It is argued that columns 7-8 discloses mapping objects and how a 
mapping object may be used to map an enterprise user to a schema, which is 
said to be a subset of a database, not a reporting system. Br. 7. It is argued 
that Lewis clearly discloses at column 1, lines 53-60, that a user connects to 
the "database" and not to a "reporting system" and Lewis cannot disclose 
mapping a user to a database because a database obtains a user's global 
rights when the user signs in. Br. 7-8. Appellants argue that the difference 
between connecting to a "database" as opposed to a "reporting system" is 
that a user who submits a user identification input and a request to a 
reporting system "need not have a known account to a database." Br. 9. 

The Examiner reads the claimed "reporting system" on the "directory 
information system" in Lewis because the Examiner does not find an explicit 
definition of a "reporting system." Ans. 6. The Examiner recognizes that 
the Specification describes that examples of "reporting systems" include 
"decision support, Business Intelligence, on-line analytical processing and 
other systems" (Spec. 1, 11. 5-7), and states that "[t]he examiner has read the 
claims in light of the specification as clearly shown above." Ans. 6-7. 

Appellants argue that a directory information system is not a reporting 
system per the examples in the specification. Reply Br. 4. It is argued that 
Lewis discloses that the directory information system may comprise a 
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"Lightweight Directory Access Protocol (LDAP) directory" but this is not a 
reporting system. Id. It is argued that "Appellants were unable to find a 
disclosure of a reporting system or of reports in Lewis." Reply Br. 5. 

The Specification states that examples of "reporting systems" include 
"decision support, Business Intelligence, on-line analytical processing 
[OLAP] and other systems" (Spec. 1, 11. 5-7). The "other systems" is very 
broad. We interpret "reporting system" broadly to include any system that 
returns an answer to a query. We do not agree with or understand the 
Examiner's reading of "reporting system" onto a directory information 
system because we fail to see how it "reports" anything. 

Nevertheless, Lewis has databases and one of ordinary skill in the art 
would understand that the databases must have some sort of front end 
reporting system, not explicitly shown, to respond to queries from users for 
information from the databases. For example, Lewis describes that the user 
at the first database may execute a database query at column 9, lines 55-58. 
The whole purpose of databases is for use in a database query system. Thus, 
the databases in Lewis are considered part of a reporting system, so sending 
authentication information and requests to the databases in Lewis is 
considered to meet the limitation "enabling a user to submit a user 
identification input and a user request to a reporting system." It is not 
determinative that Lewis does not expressly mention "reports" or a 
"reporting system." We note that "enabling a user to submit a user 
identification input and a user request to a reporting system" does not 
specify any order or time sequence of submitting the "user identification 
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input" and the "user request." Thus, a user can submit a user identification 
input to log on to a database (reporting system) and once authenticated and 
authorized, can later submit a request. 

Therefore, we find that Lewis teaches "enabling a user to submit a 
user identification input and a user request to a reporting system." 

Issue 2 

The Examiner finds that the limitation of "controlling access to at 
least one database through a centralized server wherein the centralized 
server maps the user to at least one appropriate database based on the user 
request and at least one database connection definition" (emphasis added) is 
taught at column 7, line 47 to column 8, line 5 of Lewis. FOA 3; Ans. 4. 

Appellants argue that columns 7-8 of "Lewis, at best, discloses 
mapping objects and how a mapping object may be used to map an 
enterprise user to a schema, which is a subset of the database." Br. 10. It is 
argued: 

Mapping objects are created for a particular database therefore a 
mapping object cannot map a user to an appropriate database because 
it belongs to one database in particular. A mapping object, at best, 
maps a user to a schema within a database (which the user is already 
connected to), not to the database. 

Br. 10; see also Reply Br. 5-6. Thus, it is argued, Lewis does not describe a 
centralized server that maps a user to a database. Br. 10; Reply Br. 6. 

The Examiner also finds that Lewis discloses mapping a user to a 
database at column 10, lines 37-52. FOA 3; Ans. 4. In the Examiner's 
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Answer, the Examiner cites for the first time to the "current user links" 
described at column 10, line 53 to column 11, line 3. Ans. 8. 

Appellants argue that column 10 of Lewis describes that "named links 
allow a user on a first database to execute a procedure at a second database 
using the security context of another user" (col. 10, 11. 42-44), which only 
discloses connecting a first user who is already mapped to a database, from 
one database to another, not mapping a user to a database. Br. 11; Reply 
Br. 7. It is argued that the "named link" contains the user name and 
password of the other user to execute the stored procedure, which is not 
"controlling access to at least one database through a centralized server." 
Br. 11; Reply Br. 7. It is argued that Lewis teaches away from using a 
named link for controlling access to a database because "Lewis teaches that 
named links are a potential security problem, not a method of 'controlling 
access.'" Br. 11. Appellants argue connecting from a first database to a 
second database using a stored procedure does not meet the limitation of 
"controlling access to at least one database through a centralized server" and 
does not "map the user to at least one appropriate database based on the 
user request and at least one database connection definition." Reply Br. 7. 
It is argued that the named link will always connect to the same database 
utilizing a connect string and the appropriate user credentials. Id. 

Appellants argue that the Examiner continues to confuse a centralized 
server mapping the user to a database, as claimed, and a user mapping to a 
database directly. Br. 12; Reply Br. 5. It is argued that Lewis describes that 
a user is already mapped to the database and is seeking authorization to the 
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database. Br. 12. It is argued that Lewis, at best, is directed towards 
centralizing the scope of privileges and does not provide a disclosure of 
mapping a user to an appropriate database. Id. 

Initially, as a matter of claim interpretation, the verb "map" is defined 
as "[t]o establish a correspondence between the elements of one set and the 
elements of another set." The New IEEE Standard Dictionary of Electrical 
and Electronics Terms (5th ed. IEEE 1993). We interpret "the centralized 
server maps the user to at least one appropriate database" to require an 
explicit function of establishing a correspondence between the user and a 
database, even if there is only one database. That is, merely logging onto a 
server which is associated with only a single database is not sufficient to 
meet the claim limitation because there is no explicit mapping function. 

Lewis describes "information related to user access (e.g., name, 
authentication information, and user roles) is stored in a centralized 
directory. When the user connects to the database, the database looks up the 
necessary information about the user in the directory." (Emphasis added.) 
Col. 1, 11. 56-60. Clearly, the centralized directory in Lewis does not map a 
user to a database because the user is already connected to the database 
before the database asks for user information from the centralized directory. 
Thus, if the claim limitation is to be met, we must rely on some other 
reading of Lewis. 

One possibility relied upon by the Examiner is the description of 
"mapping objects" at columns 7-8. Manifestly, not all mapping is mapping 
of a user to an appropriate database, so we must examine the mapping in 
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more detail. Lewis describes that a "[m]apping object contains mapping 
information between a full or partial distinguished name ('DN') in the 
directory information system and a user/schema name" (col. 5, 11. 55-57) and 
the "mapping object contains the mapping of an enterprise DN and a native 
database username" (col. 7, 11. 50-52). A "DN" is a unique name which 
identifies an entry in a directory, and may be defined as a collection of one 
or more entry attributes. Col. 5, 1. 34 to col. 6, 1. 18. A "schema" is defines 
a "set of statements, expressed in a data definition language, that completely 
describe the structure of a database." IBM Dictionary of Computing (10th 
ed. 1994). Thus, we disagree with Appellants' statement that a "schema" is 
"a subset of a database" (Br. 7); i.e., a schema is the organization of the 
database, not the database itself. In any case, we do not see how mapping 
between a full or partial DN (distinguished name) and a user/schema name 
can be considered to be mapping a user to a database. Moreover, Lewis 
describes that "[m]apping objects also reside under server objects, and are 
created for a particular database" (emphasis added) (col. 5, 11. 59-60), so we 
agree with Appellants that the mapping objects only map within a database, 
not to the database. 

Other possibilities for mapping are the descriptions of "connected- 
user links," "fixed user" or "named" links, and the "current user links" of the 
invention described at columns 9-13. The Examiner relies on the "fixed 
user" or "named" links described at column 10, lines 37-52, and in the 
Examiner's Answer cites for the first time the "current user links" described 
at column 10, line 53 to column 11, line 3 Lewis describes that users at a 
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first database may perform operations that require access to a second 
database. A "named" links contains both the connect string and the 
appropriate user credentials. Col. 10, 11. 38-41. We agree with Appellants 
that this is not access controlled through a centralized server, as claimed, and 
does not "map" to a database because the link will always connect to the 
same database utilizing a connect string and user credentials. That is, we do 
not see how merely connecting to a database over a link is "mapping." 

Using the "current user links" of the invention, the link to a remote 
database is embedded stored into a stored object that is executed and when 
any user runs a stored object, the privilege domain of the object owner is 
used, for example, by passing the DN of the current user from the first 
database to the second database. "The transmitted DN is used to map the 
connected user to the appropriate schema at the second database and for 
authorizing privileges." Col. 10, 1. 66 to col. 11, 1. 2. Again, we fail to see 
that there is any "mapping" done by a centralized server. The establishment 
of a link between two databases does not imply that there is mapping. 

The rejection does not clearly identify the elements and relationships 
in the limitation, i.e., what is the "centralized server"?, what is the 
"database"?, where is the "mapping" between the user and the database?, 
how is any mapping "based on the user request and at least one database 
connection definition"?, and how does Lewis teach that all this "controls 
access"? The Examiner has not persuaded us that Lewis teaches "controlling 
access to at least one database through a centralized server wherein the 
centralized server maps the user to at least one appropriate database based 
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on the user request and at least one database connection definition." 
Although Appellants' Specification describes many of the same elements 
found in Lewis, such as access control lists (ACLs), Lightweight Directory 
Access Protocol (LDAP), etc., the Examiner has not shown that the elements 
are connected and function as described and claimed. 

Conclusion 

Issue 1: Lewis teaches "enabling a user to submit a user identification 
input and a user request to a reporting system." 

Issue 2: Lewis does not teach "controlling access to at least one 
database through a centralized server wherein the centralized server maps 
the user to at least one appropriate database based on the user request and at 
least one database connection definition." 

Because Lewis does not teach at least "controlling access" in claim 1, 
and because independent claims 7 and 13 contain corresponding limitations, 
the anticipation rejection of claims 1-5, 7-11, and 13-17 is reversed. 

OBVIOUSNESS 
Because the Examiner does not rely on Freeman to cure the 
deficiencies of Lewis, the obviousness rejection of dependent claims 6, 12, 
and 18 is reversed. 

NEW GROUND OF REJECTION 
Claims 13-18 are rejected under 35 U.S.C. § 101 as being directed to 
nonstatutory subject matter. 
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"If a claim covers material not found in any of the four statutory 
categories, that claim falls outside the plainly expressed scope of § 101 even 
if the subject matter is otherwise new and useful." In re Nuijten, 
500 F.3d 1346, 1354 (Fed. Cir. 2007). "A transitory, propagating signal . . . 
is not a 'process, machine, manufacture, or composition of matter' [under 
35 U.S.C. § 101]" and therefore does not constitute patentable subject matter 
under § 101. Id. at 1357. Claims that are so broad that they read on 
nonstatutory as well as statutory subject matter are unpatentable. Cf. 
In re Lintner, 458 F.2d 1013, 1015 (CCPA 1972) ("Claims which are broad 
enough to read on obvious subject matter are unpatentable even though they 
also read on nonobvious subject matter."). This is now USPTO policy. See 
Subject Matter Eligibility of Computer Readable Media, 1351 Off. Gaz. Pat. 
Office 212 (Feb. 23, 2010). 

Claims 13-18 recite a "processor-readable medium comprising code" 
which is broad enough to read on a transitory, propagating signal containing 
information and are not limited to a tangible medium within one of the 
statutory classes of 35 U.S.C. § 101. 
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CONCLUSION 

The rejections of claims 1-18 are reversed. 

A new ground of rejection is entered as to claims 13-18. 

This decision contains new grounds of rejection pursuant to 37 C.F.R. 
§ 41.50(b). 37 C.F.R. § 41.50(b) provides that "[a] new ground of rejection 
pursuant to this paragraph shall not be considered final for judicial review." 

37 C.F.R. § 41.50(b) also provides that the appellant, WITHIN TWO 
MONTHS FROM THE DATE OF THE DECISION, must exercise one of 
the following two options with respect to the new ground of rejection to 
avoid termination of the appeal as to the rejected claims: 

(1) Reopen prosecution. Submit an appropriate amendment of 
the claims so rejected or new evidence relating to the claims so 
rejected, or both, and have the matter reconsidered by the examiner, in 
which event the proceeding will be remanded to the examiner. . . . 

(2) Request rehearing. Request that the proceeding be reheard 
under § 41.52 by the Board upon the same record. . . . 

Requests for extensions of time are governed by 37 C.F.R. § 1.136(b). 
See 37 C.F.R. § 41.50(f). 

REVERSED - 37 C.F.R. § 41.50(b) 
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HOMERE, Administrative Patent Judge, dissenting-in-part. 

I agree with the majority opinion ("Op." hereinafter) in all respects 
save one. I write separately to voice my disagreement with the majority's 
holding that Lewis does not teach "controlling access to at least one 
database through a centralized server wherein the centralized server maps 
the user to at least one appropriate database based on the user request and 
at least one database connection definition^ (emphasis added,) as recited in 
independent claim 1. (Op. 13.) In particular, the majority finds that "the 
centralized directory in Lewis does not map a user to a database because the 
user is already connected to the database before the database asks for user 
information from the centralized directory." (Op. 9.) Because of this 
finding, the majority reverses the Examiner's prior art rejection of claim 1. 
From that decision, I respectfully dissent. 

In my view, the majority misapprehended the claimed invention by 
narrowly construing the claim limitation in question. Such a narrow 
interpretation of the claim language is not consistent with In re Bigio, which 
requires that the claim be given the broadest reasonable interpretation. 
In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004). The cited recitation 
merely requires controlling access to a single (at least) database through the 
centralized server that maps a user to another single (at least) database based 
on the user's request and the database connection definition. 
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Applying the above claim construction to the definition 2 set forth by 

the majority in the Opinion, I find that where, as in this case, each of the sets 

only includes a single database element, the correspondence between the two 

sets necessarily occurs once the databases are communicating with each 

other. In other words, because of the one-to-one correspondence between 

the central server and the database, the mapping always occurs. In this 

particular case, as in Lewis's, Appellants' central server can only serve as a 

gate keeper by determining whether or not the user is authorized to access 

the single database. Put differently, where each of two sets only contains a 

single element, no actual mapping occurs since there is always a one-to-one 

correspondence between the two elements. In fact, the majority opinion 

supports this position by finding the following: 

"merely logging onto a server which is associated with only a 
single database is not sufficient to meet the claim limitation because 
there is no explicit mapping function." (Op. 9.) ... does not "map" to a 
database because the link will always connect to the same database 
utilizing a connect string and user credentials. That is, we do not see 
how merely connecting to a database over a link is "mapping." 
(Op. 11.) 

1 am therefore satisfied that Lewis's disclosure of the communication 
between the two databases teaches the disputed claim limitation. Thus, I 
cannot agree with the majority's reversal of the Examiner's rejection of 
claim 1. Accordingly, I would affirm the Examiner's rejection of 
independent claim 1 as being anticipated by Lewis. 

2 Mapping is defined as "establishing a correspondence between the 
elements of one set and the elements of another set." (Op. 9.) 
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